1 /* 2 * QEMU crypto TLS x509 credential support 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #ifndef QCRYPTO_TLSCREDSX509_H 22 #define QCRYPTO_TLSCREDSX509_H 23 24 #include "crypto/tlscreds.h" 25 26 #define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509" 27 #define QCRYPTO_TLS_CREDS_X509(obj) \ 28 OBJECT_CHECK(QCryptoTLSCredsX509, (obj), TYPE_QCRYPTO_TLS_CREDS_X509) 29 30 typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509; 31 typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class; 32 33 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem" 34 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem" 35 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem" 36 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem" 37 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem" 38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem" 39 40 41 /** 42 * QCryptoTLSCredsX509: 43 * 44 * The QCryptoTLSCredsX509 object provides a representation 45 * of x509 credentials used to perform a TLS handshake. 46 * 47 * This is a user creatable object, which can be instantiated 48 * via object_new_propv(): 49 * 50 * <example> 51 * <title>Creating x509 TLS credential objects in code</title> 52 * <programlisting> 53 * Object *obj; 54 * Error *err = NULL; 55 * obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509, 56 * "tlscreds0", 57 * &err, 58 * "endpoint", "server", 59 * "dir", "/path/x509/cert/dir", 60 * "verify-peer", "yes", 61 * NULL); 62 * </programlisting> 63 * </example> 64 * 65 * Or via QMP: 66 * 67 * <example> 68 * <title>Creating x509 TLS credential objects via QMP</title> 69 * <programlisting> 70 * { 71 * "execute": "object-add", "arguments": { 72 * "id": "tlscreds0", 73 * "qom-type": "tls-creds-x509", 74 * "props": { 75 * "endpoint": "server", 76 * "dir": "/path/to/x509/cert/dir", 77 * "verify-peer": false 78 * } 79 * } 80 * } 81 * </programlisting> 82 * </example> 83 * 84 * 85 * Or via the CLI: 86 * 87 * <example> 88 * <title>Creating x509 TLS credential objects via CLI</title> 89 * <programlisting> 90 * qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\ 91 * endpoint=server,verify-peer=off,\ 92 * dir=/path/to/x509/certdir/ 93 * </programlisting> 94 * </example> 95 * 96 */ 97 98 struct QCryptoTLSCredsX509 { 99 QCryptoTLSCreds parent_obj; 100 #ifdef CONFIG_GNUTLS 101 gnutls_certificate_credentials_t data; 102 #endif 103 bool sanityCheck; 104 char *passwordid; 105 }; 106 107 108 struct QCryptoTLSCredsX509Class { 109 QCryptoTLSCredsClass parent_class; 110 }; 111 112 113 #endif /* QCRYPTO_TLSCREDSX509_H */ 114